S_s_l_handshake_exception in watcher

Hi,
I am trying to create the following watcher to send automatically a csv report coming from the POST url of a saved search of kibana. The whatcher is the following:

{
  "trigger": {
    "schedule": {
      "interval": "2m"
    }
  },
  "input": {
    "none": {}
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "email_admin": {
      "email": {
        "profile": "standard",
        "attachments": {
          "report.csv": {
            "reporting": {
              "url": "https://XXXXXX:5601/api/reporting/generate/csv_searchsource?jobParams=.....",
              "auth": {
                "basic": {
                  "username": "xxxxxx",
                  "password": "xxxxxx"
                }
              }
            }
          }
        },
        "to": [
          "XXXXX@xxxxxx.com"
        ],
        "subject": "report"
      }
    }
  }
}

y el error es el siguiente:

    "actions": [
      {
        "id": "email_admin",
        "type": "email",
        "status": "failure",
        "error": {
          "root_cause": [
            {
              "type": "s_s_l_handshake_exception",
              "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
            }
          ],
          "type": "s_s_l_handshake_exception",
          "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
          "caused_by": {
            "type": "validator_exception",
            "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
            "caused_by": {
              "type": "sun_cert_path_builder_exception",
              "reason": "unable to find valid certification path to requested target"
            }
          }
        }
      }
    ]
  },

as you can see it is a certificate error but I don't know where the problem really is, to give more context:
I have a whole cluster of several nodes with security enabled and they have certificates created from the elastic elasticsearch-certutil tool, so they are self-signed certificates. On the other hand, kibana uses a certificate signed by digicert as ssl server. My configuration in elasticsearch.yml:

xpack.security.enabled: true

# Enable encryption and mutual authentication between cluster nodes

xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  certificate: certs/node01.crt
  key: certs/node01.key
  certificate_authorities: certs/ca.crt

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents

xpack.security.http.ssl:
  enabled: true
  verification_mode: certificate
  certificate: certs/node01.crt
  key: certs/node01.key
  certificate_authorities: [ "certs/ca.crt" ]

and my kibana.yml configuration:

server.ssl.enabled: true
server.ssl.certificate: certs/kibana_digicert.crt
server.ssl.key: certs/kibana_digicert.key

elasticsearch.ssl.certificateAuthorities: [ "certs/ca.crt" ]

Could someone help me to understand what is happening?
Thanks in advance.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.